ADC

Load balancing SYSLOG servers

March 28, 2024

Contributed by:

C S

The NetScaler appliance sends its SYSLOG events and messages to all the configured external log servers. This results in storing redundant messages and makes monitoring difficult for system administrators. To address this issue, the NetScaler appliance offers load balancing algorithms that can load balance the SYSLOG messages among the external log servers for better maintenance and performance. The supported load balancing algorithms include RoundRobin, LeastBandwidth, CustomLoad, LeastConnection, LeastPackets, and AuditlogHash.

Load balancing of SYSLOG servers using the command line interface

At the command prompt, type:

Add a service and specify the service type as SYSLOGTCP or SYSLOGUDP.

add service <name>(<IP> | <serverName>) <serviceType (SYSLOGTCP | SYSLOGUDP)> <port>
Add a load balancing virtual server, specify the service type as SYSLOGTCP or SYSLOGUDP, and load balancing method as AUDITLOGHASH.

add lb vserver <name> <serviceType (SYSLOGTCP | SYSLOGUDP)> [-lbMethod <AUDITLOGHASH>]
Bind the service to the load balancing virtual server.

Bind lb vserver <name> <serviceName>
Add a SYSLOG action and specify the load balancing server name that has SYSLOGTCP or SYSLOGUDP as service type.

add syslogaction <name> <serverIP> [-lbVserverName <string>] [-logLevel <logLevel>]
Add a SYSLOG policy by specifying the rule and action.

add syslogpolicy <name> <rule> <action>
Bind the SYSLOG policy to the system global for the policy to take effect.

bind system global <policyName>

Load balancing of SYSLOG servers using the GUI

Add a service and specify the service type as SYSLOGTCP or SYSLOGUDP.

Navigate to Traffic Management > Services, click Add and select SYLOGTCP or SYSLOGUDP as protocol.
Add a load balancing virtual server, specify the service type as SYSLOGTCP or SYSLOGTCP, and load balancing method as AUDITLOGHASH.

Navigate to Traffic Management > Virtual Servers, click Add and select SYLOGTCP or SYSLOGUDP as protocol.
Bind the service to the load balancing virtual server.
1. Navigate to Traffic Management > Load Balancing > Virtual Servers, select the load balancing virtual server, and click Edit.
2. In the Services and Service Groups section, click Load Balancing Virtual Server Service Binding and click Add Binding.
3. On the Service Binding page, click Select Service, select the service with service type as SYSLOGTCP or SYSLOGUDP, and click Select.
4. On the Service Binding page, click Bind.
5. Click Close and then Done to navigate back to the Virtual Servers page.
Add a SYSLOG action and specify the load balancing server name that has SYSLOGTCP or SYSLOGUDP as service type.

Navigate to System > Auditing, click Servers and add a server by selecting LB Vserver option in Servers.
Add a SYSLOG policy by specifying the rule and action.

Navigate to System > Syslog, click Policies and add a SYSLOG policy.
Bind the SYSLOG policy to the system global for the policy to take effect.

Navigate to System > Syslog, select a SYSLOG policy and click Action, and then click Global Bindings and bind the policy to system global.

Example:

The following configuration specifies load balance of SYSLOG messages among the external log servers using the AUDITLOGHASH as load balancing method. AUDITLOGHASH method load balances the traffic based on input hash value from the audit agents. The agents are the modules which generate auditlog in a NetScaler appliance. For example, if an agent LSN wants to load balance auditlogs based on client IP address, LSN module generates the hash value based on clientIP and passes the hash value to auditlog module. The auditlog module sends the auditlog messages which have same hash value to the external syslog server.

The NetScaler appliance generates SYSLOG events and messages that are load balanced amongst the services, service1, service2, and service 3.

add service service1 192.0.2.10 SYSLOGUDP 514
add service service2 192.0.2.11 SYSLOGUDP 514
add service service3 192.0.2.11 SYSLOGUDP 514
add lb vserver lbvserver1 SYSLOGUDP -lbMethod AUDITLOGHASH
bind lb vserver lbvserver1 service1
bind lb vserver lbvserver1 service2
bind lb vserver lbvserver1 service3
add syslogaction sysaction1 -lbVserverName lbvserver1 -logLevel All
add syslogpolicy syspol1 ns_true sysaction1
bind system global syspol1
<!--NeedCopy-->

Use the following command to configure SYSLOG using LB server with FQDN when ICMP packet is blocked: set service service1 -healthMonitor NO

Limitations:

The NetScaler appliance does not support an external load balancing virtual server load balancing the SYSLOG messages among the log servers.

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

Was this helpful

Load balancing SYSLOG servers

March 28, 2024

Contributed by:

C S

March 28, 2024

Contributed by:

C S

Load balancing SYSLOG servers

In this article